OpenBSD 5.0 Unleashed On the World 185
First time accepted submitter tearmeapart writes "A new version of the operating system that most of us would love to love, but probably hardly ever directly use, has been released. As scheduled, release 5.0 brings support for more hardware, network improvements, and OpenSSH 5.9. The links: changelog; download; main 5.0 page; and how to order your OpenBSD products!"
EPIC headline (Score:3)
Re: (Score:3)
...no but srsly, OpenBSD is not actually a giant blowfish out to destroy our cities.
Which would be more exciting then an OpenBSD release. I for one, welcome our new blowfish overlords.
Re: (Score:2)
Welcome them? We've already got an entire Congress full of them!
Re: (Score:2)
Of course, it is to protect us from the space hackers trying to invade our networks!
It is a friendly (to us) giant blowfish!
I once was at a job interview, and they asked if I had any experience with "the OpenBSD variant of Linux".
I was silent for a moment trying to gain my composure, and then said "... Well, it isn't actually a variant of Linux. It's derived from the original Unix work that Berkley did in conjunction Bell Labs, and not Linus Torvalds independently written Kernel."
Needless to say, I didn't g
Re: (Score:3, Funny)
Well, no wonder--you didn't use a possessive apostrophe after Linus Torvalds! Amateur mistake...
Re: (Score:2)
You mean Linus' Torvalds?
Re: (Score:2)
Needless to say, I didn't want that job.
FTFY. "Ah, a smartass know-it-all, eh?" It's always best to avoid managers who're easily intimidated by competence.
Re: (Score:2)
Needless to say, I didn't get a job.
Somewhere in the conversation did you answer the question as to whether or not you had OpenBSD experience? :-)
Re: (Score:2)
You will never get hired, wearing a ComiCon T-shirt, and opening your sentences by saying: "Actually,..."
Re: (Score:2)
You will never get hired, wearing a ComiCon T-shirt, and opening your sentences by saying: "Actually,..."
Actually :-), I got a job because when the interviewing manager asked how the programming test I had just taken went I told him how poor a test it was. He was very interested in my opinions regarding the matter. One of the first things I was assigned to do once hired was to create a new test. The manager was a business guy and knew nothing about programming but he understood rational arguments when he heard them.
Of course maybe I was hired because I wore a suit and tie for the interview.
Re: (Score:2)
Needless to say, I didn't get a job.
I imagine many of your job interview stories have the same punchline.
Re: (Score:2)
a bit over 50%. A bit under if you count the job offers I've turned down as "successes".
I've actually had better luck than most on interviewing for positions.
Comment removed (Score:5, Informative)
Re: (Score:1)
Install media? (Score:2)
I remember trying to install this back in the 3.0 days, being thwarted by the fact that one of the authors of the software owned the copyright on the OS in ISO disc format, effectively making it impossible to get a version to install without paying him. After a few failed days of missing this or that file, and corrupt BitTorrent copies, I gave up, went back to FreeBSD (at the time).
Re:Install media? (Score:4, Informative)
Not been the case for years, you can download the "install50.iso" image from the mirrors right now.
http://www.openbsd.org/ftp.html [openbsd.org]
Example:
http://mirror.bytemark.co.uk/pub/OpenBSD/5.0/i386/install50.iso [bytemark.co.uk]
Re: (Score:2)
Sounds like something I might have to give a try then. The 'I own the copyright on the ISO image, so you have to pay me to get an installable copy' stuff was bullshit, to be honest.
Re: (Score:3, Informative)
It was one of their main fundraising abilities - and to be quite honest, they never stopped other people putting together slightly different ISO layouts and going with those. Plus it was trivial to do an install from the tgz themselves.
Re: (Score:2)
Perhaps I'm missing something, but how are you supposed to boot from compressed tarballs?
Re: (Score:2)
Re: (Score:2)
It's 2011, almost 2012, and we're expected to use floppies? You seriously don't see anything wrong with this idea?
Now, the last time I had to dig in the mirrors looking for media, I didn't know how to do PXE. Was there / is there PXE-bootable "media" available?
Re: (Score:2)
Oh. Well, allow me to say "Hurr!"
Re: (Score:2)
use a Forth bios assuming that it has a LOAD verb and usb support.
write a UNTAR verb and an UNZIP verb
put the floppy
A:/image.tgz
LOAD.
UNTAR.
UNZIP.
EXECUTE '.
see that was easy as pie ;)
Re: (Score:2)
Use a what BIOS? And floppy, really? It's 2011, almost 2012.
Not being able to burn an .ISO and boot from it is and was, well, stupid. I'm glad you can actually download ISOs now.
Pre-built VMware Virtual Machines? (Score:2)
Does anybody know if there are pre-built VMware appliances with the new OpenBSD and VMware tools on them? Or will I need to do that from scratch?
Re: (Score:2)
I don't know. Can you repeat the question? [youtube.com]
Re: (Score:3)
I think they offer a free "net install" CD, and many others have put together offline install versoins.
But yeah, that's the OpenBSD way - they sell the One True Install media to ensure you're getting a pristine copy and not something potentially hacked up with hidden vulnerabilities and such. After all, OpenBSD is about security - and having a way to distribute unmodified CDs is quite hard.
If you're testing, fine, netinstall or "unofficial offline install" CDs and DVDs work. But if you're wanting a secure i
Re: (Score:1)
Re: (Score:1)
But yeah, that's the OpenBSD way - they sell the One True Install media to ensure you're getting a pristine copy and not something potentially hacked up with hidden vulnerabilities and such.
They're just trying to extract money.
and having a way to distribute unmodified CDs is quite hard
No it isn't. All you need is a secure checksum for the image.
Re: (Score:1)
OpenBSD always had a free install (Score:2)
I remember trying to install this back in the 3.0 days, being thwarted by the fact that one of the authors of the software owned the copyright on the OS in ISO disc format, effectively making it impossible to get a version to install without paying him. After a few failed days of missing this or that file, and corrupt BitTorrent copies, I gave up, went back to FreeBSD (at the time).
OpenBSD always had a simple free install if you had a network connection. There were free bootable images available for download. You boot from one of these and it downloads components as needed during the install. The only thing you had to pay for was a CD that contained all components and could do an install *without* a network connection. At least for the current release, the full CD images for previous releases were available for download.
Netinstall: cd50.iso OR Base: install50.iso (Score:2)
This is how you install Openbsd [openbsd.org]. You can download a small iso for your usb/cd, and that will download anything needed thru the net.
Back in the version 3 days, you needed only a floppy or two to start such an install, nowdays is the same, but ppl mostly use usb sticks now (the floppy image still exists).
Going for randomly made iso images on bittorrent was a very stupid idea. The only reason i could see someone needing a whole iso is if they lack connectivity.
You can compare this install method to Debian neti [debian.org]
Re: (Score:2)
The only reason i could see someone needing a whole iso is if they lack connectivity.
If you're doing multiple installs, it'd be a lot nicer for their servers if you're not slurping down a fresh copy for every install.
Re: (Score:2)
The only reason i could see someone needing a whole iso is if they lack connectivity.
If you're doing multiple installs, it'd be a lot nicer for their servers if you're not slurping down a fresh copy for every install.
A lot of times for multiple installs you only install it on to one machine, and then image that computer. After that you just put that image on the other computers that you need it installed on. That way is often easier too since you don't need to reconfigure anything.
Re: (Score:3)
You misunderstood.
You have always been able to download an .ISO, install OpenBSD over the net, etc. Although I give money to the OpenBSD guys, I have always just downloaded an .ISO from openbsd.org and installed with it.
You can get all the packages, ports, sources, binaries - everything - over the net.
Now, they do sell ISOs that have all the packages on them. If you want that, yes, you do have to pay it. That is explicitly stated as a fundraising method for the project. It wasn't "one of the authors" -
Re: (Score:1)
Sounds like you are a very stupid individual. All you had to do was download the install floppy image and you were set. Yes, there are install cd images now. No, you should not try again. Stick to freebsd, we don't need any more idiots that can't read clogging up the mailing list with stupid questions that are answered in the FAQ.
I realize others have probably told you this today, but you're a despicable human being.
Sigh. Some people just can't handle the truth.
Re: (Score:2)
I remember in the late 90s that it would be more efficient and cost effective to buy the discs and have them shipped, but that was more a matter of the cost of dial up service and the time it would take to deal with that.
I don't recall one ever having to pay for it as the BSD license does allow people to sell copies of it if they wish.
Wow! KDE 3.5 and Gnome 2.3 .... (Score:2)
It's Linux, direct from 2005!
Re:Wow! KDE 3.5 and Gnome 2.3 .... (Score:5, Insightful)
Re:Wow! KDE 3.5 and Gnome 2.3 .... (Score:5, Insightful)
It is crazy to think that shipping gnome 2.32, OpenBSD 5.0 has become much more desktop-friendly than Ubuntu.
Re: (Score:2)
It's the "downgrade to upgrade" meme all over again. We saw it all the time with /. posters talking about "upgrading to XP" from Vista.
Now it's playing out with Linux.
Re: (Score:2)
I like gnome 3 too, I just found it too different and not really mature for the time being.
As every human, I need time to adapt, and gnome 3 do not provide for a good backwards-compatible interface (there is one but is a hack and it sucks) .
Even windows 8 has a fallback interface that looks exactly like windows 7.
Re:Wow! KDE 3.5 and Gnome 2.3 .... (Score:4, Insightful)
I can't decide whether to mod you "funny", "insightful", "flamebait", or "sad".
Maybe we need an "all of the above" category.
Re: (Score:2)
Re: (Score:1)
Oh, I wasn't disagreeing.
I don't think I've ever seen OpenBSD with a GUI installed in the real world. I usually see it in DNS/DHCP and firewall roles... deep infrastructure for highly secure nets.
Desktops bonanza... (Score:2)
From the Distrowatch site, looks like the list of destops supported by BSD include AfterStep, Blackbox, Enlightenment, Fluxbox, GNOME, IceWM, KDE, Openbox, WMaker, Xfce. And as CarsonChittom pointed out below, it's offering 2 choices of KDE - 3.5.10 and 4.4.5. Chances are that when their Gnome 3.2 is ready, it'll be offered alongside 2.32. My favorite aspect - it offers both AfterStep & WindowMaker - two GNUSTEP based DEs.
As an aside, even Firefox 3.5.19 and 3.6.18 are included. As well as version
Re: (Score:3)
As others have commented, the graphics drivers are an exception, and may may be a bit behind the curve. I don't know, cos all my OBSD machines are headless.
Re: (Score:2)
"Linux distros would do well to do what the BSDs do - offer a wide choice of desktops, so that everyone can pick their own w/ minimum heartburn."
They already do, have a look at Opensuse for example. Even in Ubuntu your favourite DE is only a package install away.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I think later versions of Gnome are basically Linux-only, with a lot of desktop functionality being tied to low-level parts of Linux.
Re: (Score:2)
Oh boy. (Score:2)
I get to rebuild my firewall from source yet again.
Re: (Score:2)
Re: (Score:2)
Fair enough. I forget, because I generally follow CURRENT. It's hard to know what's best with OpenBSD. Check out this bit from the FAQ:
If I want the best version of OpenBSD I have to run CURRENT, which means I have to rebuild
Re: (Score:2)
Someday I'll just switch over to pfsense.
C'mon in, the water's warm. pfSense 2.0 is an excellent improvement over 1.2.3, which I thought was pretty grand itself. You might wait for 2.1, though, if you're in no rush, as it will have some new infrastructure and better IPv6 support.
Great dev. team and community, and they're finally starting to push most of their BSD patches upstream.
Re: (Score:2)
pfSense is based on the pf in OpenBSD 4.5. OpenBSD 5.0's pf is greatly improved.
There has been a lot of work going into getting an updated pf into FreeBSD, but they're only able to get the PF from OpenBSD 4.5 into 9.0-CURRENT (which is what pfSense 2.1 uses).
I run OpenBSD on my firewall and I mainly run -CURRENT from snapshots and I've never had any problems. -CURRENT rarely breaks.
Re: (Score:2)
but they're only able to get the PF from OpenBSD 4.5 into 9.0-CURRENT (which is what pfSense 2.1 uses).
It looks like the big news is IPv6 packet fragment reassembly and ACK prioritization, which would have been really useful to have if pfSense 2.1 is supposed to be 'the' IPv6 release.
I see some groundwork for future traffic shaping features - what else did I miss?
Re: (Score:2)
There's been quite a bit of improvement with pf's performance.
Check out Henning Brauer & Ryan McBride's 10 years of PF presentation [quigon.bsws.de].
Re: (Score:2)
Great stuff, thanks. Looks like some important NAT and ICMP handling changes too.
Re: (Score:2)
Hardly ever use? (Score:1)
Re: (Score:2)
You should... you aren't forced to use GNOME or KDE (I use sctrotwm), and I can run gimp, vlc, mplayer, libreoffice (or openoffice.org, because choice=freedom). Most all of the software you use is available on OpenBSD, and if not, the ports system is pretty easy to use to create software ports and packages in OpenBSD.
plus, as long as you do your homework before posting something to the list, you'll generally get some great people to help you...
Re: (Score:1)
Re: (Score:2)
You do know that packages exist right? Why would you make pain for yourself?
Not provably secure (Score:1, Flamebait)
OpenBSD is only perceptually secure. There is no unbiased audit process. There is no verification by a third party. There's just narcissism. The only reasons we think OpenBSD is secure are:
1) OpenBSD supporters said so.
2) Few people who say they use OpenBSD actually use OpenBSD. As a result, few security holes are found and published.
Please prove this wrong. All I'm seeing are various forms of cognitive distortion and fallacies when people try to prove to me that OpenBSD is truly more secure.
Re: (Score:1)
Re: (Score:3)
There you go, raising that tired old misconception that the only security work OpenBSD team did was to "secure the base install only". Why don't you educate yourself on its architecture, its security libraries and softwares, and how the OS protects against privilege escalation and execution of malicious code. Why not learn why the OpenBSD filesystem is more robust than most? Then you can discuss real shortcomings (yes I know some, but they're not anything you mentioned) instead of aping same old nonse
Re: (Score:2)
Then you can discuss real shortcomings
Like performance. I know that this is like complaining that entry to a secure data centre is slower than entering a public building, but it is one reason why it won't be a desktop of choice for many people.
Re: (Score:2)
You're wrong, because of the claims and the track record, finding a vulnerability in the base install is a great way to make a name for oneself as a security researcher. In the last decade only one has been found. Which is pretty damn impressive by any standard.
Probably the only better way of ensuring that level of security would be paying out a million dollars for such an exploit.
Re: (Score:2)
The kiddie porn sites that anonymous took over were BSD. I had to laugh again when I saw that!
Said sites were running FreeBSD [wjunction.com]. I had to laugh at you when I saw that! Cheers!
Re:Not provably secure (Score:4, Informative)
If its security is important to you, you're fully capable of funding your own audit from a third party, either solo or as a group effort. Put together a requirements list, find out a price, and start asking others to chip in until you can afford it.
You're also free to Google for "OpenBSD exploit" and look at all the (very few) results for actual remote exploits.
OpenBSD has always had much more intelligent (secure) default settings for its installed services and packages than Linux or Windows, but I don't administer any OpenBSD boxes regularly myself because its a bit of a pain for day to day patches and updates compared to Linux. There's a trade-off to be made between security and hours available in the week.
Re: (Score:1)
...did you use SSH today?
Re:Not provably secure (Score:5, Insightful)
So we should all realize that OpenBSD is overrated. Because you said so.
Re: (Score:2)
Actually yes you should.
He did not say that it wasn't secure he said that it wasn't provably secure. They say they are secure but their has been no third party testing or auditing of the code so It all comes down to "We are secure because we say so."
OpenBSD does have a very good track record but that could be in part luck or just that they are a small target. It could also mean that it is that secure but without a security audit by a third party it is all just taking the developers word for it.
Re: (Score:2)
A small target? Their security wares (including openssh and openssl) are used by almost all the Unix, BSD, Linux. and by major companies (cisco, juniper, HP, etc.). That makes some of the wares of the OpenBSD team a HUGE target. Now where will you find the most secure implementation of those wares in an operating system?
Re: (Score:2)
So?
First OpenSSL are a separate project.
Second their is more to an OS then SSH and SSL.
Third do you know what provably means? Until you have a formal 3rd party code audit it isn't provably secure. It could be the most secure OS on the planet but it is that provable part that OpenBSD is lacking. If OpenBSD had good support for ZFS I would be tempted to use it on a NAS because it does have such a good track record.
wrong!!!! (Score:2)
I was referring to the OpenSSH and OpenSSL implementations that the OpenBSD team developed from scratch.
Re: (Score:2)
Remove one and renumber the rest then. WRONG!!!! Still not provably secure.
Re: (Score:2)
Yes, "real world" provably secure rather than your "ivory tower knothead" secure. The thing has stood the attacks of the wild, and has the admiration and use of experts in the field. the kind of audit and certification you are talking about means nothing, suppose the pathological liars of Gartner commissioned some agenda-driven study.....
Re: (Score:2)
Real world provable?
Dude get you panties out of a twist. I never said that OpenBSD was terrible or that it's security sucked. Heck if it supported XFS well, I would be tempted to use it for a SAN or NAS because it has such a good track record.
Mindless fandom like you exhibit is unprofessional and frankly hurts the reputation of OpenBSD.
I am sure that the OpenBSD team would love to have someone pay for a third party security audit of their code. I can understand that it is expensive and they do not have the
Re: (Score:2)
Well, at least the OpenBSD guys admit on their _own_ homepage the last time they were vulnerable. What other OS manufacturer does that at _all_ ??
I appreciate the honesty and public disclosure -- not trying to sweep it under the rug like almost every OS does.
Re: (Score:1)
Kriston, if there are no candies at the store, the store has no candies for sale. That's not to say there couldn't be any candies left in a drawer by accident, but, no one knows if they exist, hence the above still holds true: the store has no candies for sale. There is no need for an external audit, because, even if you found some candies in a drawer as a result of the audit, the store still had no candies for sale at the time when they claimed they didn't have candies for
Re: (Score:2)
Why? So that you can stand there raising and lowering the bar with your brain on dial-tone while everyone else does the heavy lifting?
I'm sure it costs tens of millions of dollars to prove that any system is secure, and the proof won't even be correct. Does OpenBSD say "provably secure" on its web site? I didn't think so.
You want proof? You can't afford the proof!
In the real world, this is actually a matter of judgement and prudence. Your assertion that no-one tries to attack
HAH! youare ignorant of IT security industry (Score:2)
Then why does the OpenBSD team have recognized leadership in the security industry, their wares are part of major OS such as HP/UX, Sun Solaris, sgi IRIX, and in products such as certain models of Cisco and Juniper routers and HP Procurve switches?
Re: (Score:2)
Please prove this wrong.
Right, just after you prove that there isn't an invisible pink unicorn sitting on my monitor.
Re: (Score:2)
OpenBSD brags that there have only been a few remote holes in the default install in so many years. But if that is the metric of overall security, Ubuntu is the most secure OS out there. By default, there are ZERO listening ports on an Ubuntu installation
Default install or default installation set. I thought OpenBSD claimed the latter, which is something quite different.
Not had a good experience (Score:1)
I keep wanting to try one of the BSDs out on a preliminary basis to see how it compares to Linux, but honestly every one of them has irked me from the point of installation. I've tried FreeBSD, OpenBSD, and PC-BSD.
The former two were somewhat cryptic to me, despite 10 years of Linux experience. I've done everything from manage servers to develop for embedded systems, and I always managed to figure things out. But FreeBSD, for example, gives me this somewhat counter-intuitive menu to go through, most of w
Re: (Score:2)
And what the fuck does anything you said have to do with OpenBSD?
Hint: OpenBSD is NOT Linux. It's *UNIX* so you have to understand slices.
Re: (Score:3)
How strange, OpenBSD even gives you option of automatic disk partition layout, they'll do it for you! on a DHCP network with typical desktop PC you could take defaults all the way except for providing root password and any username/password you want through the install, and have a bootable system in less than ten minutes. It's faster than installing typical GNU/Linux or Unix, that's for sure.
Re: (Score:2)
I'm a KDE man myself and an occasional FreeBSD user. FreeBSD at least has meta-packages for the gnome and kde desktops that pull in all the dependencies for you. Sure, it's harder then Ubuntu, but then what isn't?
ZFS performance? (Score:2)
Any benchmarks with ZFS yet?
Re: (Score:2)
yes, Oracle still refuses to put a decent license on their wares. So once again they fail the OpenBSD's team's benchmark
Re: (Score:1)
Ubuntu? I though eveyone has already switched to LMDE. Windows 8 my homework.
Re: (Score:3)
Why is this news on the main page?
Because OpenBSD matters?
Ubuntu 11.10 is out too and Windows 8 will be out soon!
... as compared to them.
In other news, Kim Kardashian got divorced after 72 days!
Who?
Seriously, I didn't know they'd released a new version, and I was just wondering what I should do with a presently mothballed system I have. Now, I can build an OpenBSD sandbox to play with. Woohoo! :-)
Re: (Score:2)
Larry hasn't yet gotten around to buying them out.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
1. Somehow, Richard Stallman hasn't claimed that OpenBSD is also "the Gnu System".
Probably because it's not GNU, what a shocker. Even though it might sound pedantic of him to keep repeating it, he emphasizes the name GNU/Linux precisely because Linux filled in the kernel void where HURD failed to deliver. On GNU/Linux, you're using the GNU system, just not with the kernel they wanted (for better or worse). This is the same reason that Debian 6.0 and later have an install disc for GNU/kFreeBSD; it's GNU with the kernel of FreeBSD.
OpenBSD (and FreeBSD) are not based on GNU; you can inst